<?



if ($_POST['submit'] == 'Create' && $_POST['email'] == '') { //email is really a capatcha

	$realname = trim(preg_replace('/[^\w ]+/',' ',$_POST['realname']));
	
	
	if (empty($realname)) {
	
		die ("no username provided");
	
	}
	
	include($_SERVER['DOCUMENT_ROOT'].'/portals/config.php');
	include($_SERVER['DOCUMENT_ROOT'].'/groups/database.php');

	init_session();

	//check if trying to impersonate a registered user... TODO make this less brittle!
	$user = getRow("SELECT * FROM `user` WHERE (geo_bi_id != 0 || geo_de_id != 0) AND realname = ".dbQuote($realname));
	
	
	if (!empty($user)) {
		die ("unable to continue");
	}
	
	$updates = array();
	$updates['realname'] = $realname;
	$updates['created'] = 'NOW()';

	$sql= updates_to_insert('user',$updates);
	queryExecute($sql);
	
	$user_id = mysql_insert_id();
	
	//log the user
	$u = array();
	$u['table'] = 'user';
	$u['table_id'] = $user_id;
	$u['name'] = 'realname';
	$u['value'] = $realname;
	$u['user_id'] = $user_id;
	$sql= updates_to_insert('update_log',$u);
	queryExecute($sql);


	
	$_SESSION['user_id'] = $user_id;
	$_SESSION['realname'] = $realname;
	
	header("HTTP/1.0 303 See Other");
	header("Status: 303 See Other");
	
	if (empty($_SESSION['continue'])) {
		header("Location: ./");
	} else {
		header("Location: ".$_SESSION['continue']);
	}
	
	print "<a href=./>continue...</a>";
	exit;
} 

die ("error");